A differential game method against attacks in heterogeneous honeynet
Computers & Security (IF 4.8), Pub Date: 2020-10-01, DOI: 10.1016/j.cose.2020.101870
Jianguo Ren, Chunming Zhang

Abstract: The use of honeynets has become relatively common among security researchers and network operators to improve network security. Thus, the study of decision-making against attacks in a heterogeneous honeynet is important for improving the design of honeynets and effectively preventing attacks. This paper establishes a dynamic node-evolutive model under attacks by considering the inherent characteristics of, and the functional interaction between, ordinary nodes and honeypots, based on which the decision-making problem is modeled as a differential game. The existence of the saddle point involved in the game is validated, and the optimal dynamic strategies for the honeynet system and the attackers are obtained through the proposed algorithm. The obtained optimal strategies are verified using several random strategies. The effects of the network topology and attack duration on the strategies of both sides and on the overall attack effect are evaluated. The key findings are: a) strategic decision-making should be closely related to the node degree. Specifically, a higher-degree node adopts the attack or capture strategy in preference to a lower-degree one, in contrast to the patching strategy. b) a honeynet with a higher power-law exponent is beneficial for eliminating attack effects, whereas a higher attack duration can aggravate these effects. The obtained results provide a theoretical foundation for improving the design of honeynets and restraining honeynet attacks.

Updated: 2020-10-01